Wednesday, October 25, 2006

Safer Windows

Bill Gates is in the business of selling, among other things, operating systems for personal computers. While he is quite successful at that, a lot of the code of these operating systems is based on older code and design dating back many years ago. And some years ago personal computers were just that, personal, and not connected to any sort of network. So the operating systems designed for these non-networked computers are generally not very good at networking, and have more security leaks than the Afghan border.

Unsurprisingly Mr. Gates, having woken up to the reality of the internet, is since some time rather busy making his operating systems safer. For the current Windows XP there is now a Windows Defender antispyware program available for free from Microsoft. And, if you believe the announcements, next years Windows Vista will be a lot safer than any previous Windows versions.

Good news? Not if you profited handsomely from the Windows security flaws. Symantec and McAfee, two of the biggest providers of security software, are claiming that Microsoft is committing anti-competitive behavior by fixing those safety holes themselves, and not giving other companies access to the kernel-level security features of Vista. Doh!

There have been years of lawsuits about whether Microsoft had the right to add features like media players and web browsers to their operating system, with mixed results. But the one thing that a company making an operating system *must* be allowed to do is to make it safe. Can you imagine a judge forcing Microsoft to leave open security holes in their operating system, just so that companies making security software still have a market? If Mr. Gates manages to bring out an operating system which is immune to spyware, viruses, and hackers, more power to him.

I recently uninstalled the McAfee security center from all of my computers, because it became more and more bossy, not wanting to let me do even perfectly safe things, like transfering files between my computers. I do have a hardware firewall in my router, and the Windows software firewall, so a third firewall really isn't necessary. Against viruses I now use the free Avira AntiVir software, which isn't any worse than the $100 per year McAfee software. And I use another free software, AdAware against spyware, although I might try out the new free Microsoft Windows Defender. In combination with some basic common sense rules, like "don't click on anything in your email" and "don't be stupid", that is more than enough security for a home computer. Worst case scenario? I spend half a day formating my hard drive and reinstalling everything. I keep my data backed up, and don't store anything really secret on my computer, so why would I need expensive and cumbersome security software?

Don't believe the panic, most of what you hear about how dangerous the internet is, is hype spread by companies selling that software. Even the BBC honeypot, which they set up specifically to show how dangerous the internet is, required the journalists to click on a lot of spam messages, voluntarily installing software, before the computer became so clogged with adware and spyware that it stopped running correctly. If they had have the Windows firewall running and not clicked on any spam, their computer would have been perfectly safe. But of course that wouldn't have been such a good story.